Go/oras.land/oras-go/v2 — 4 CVEs · VulnScopepkg:Go/oras.land/oras-go/v2
共 4 筆 CVEHIGH2
✅ 檢查你的版本
所有已知漏洞
HIGH7.5CVE-2026-50151oras-go blob upload vulnerable to credential forwarding via unvalidated Location header from 0, < 2.6.1
HIGH7.1CVE-2026-50163`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution from 0, <= 2.6.1
—CVE-2026-50162oras-go has file store write outside workingDir via symlink traversal from 0, < 2.6.1
—CVE-2026-48978oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens from 0, < 2.6.1